-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2226
                           irssi security update
                             22 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           irssi
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-7045 CVE-2016-7044 

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3672

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running irssi check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3672-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 21, 2016                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : irssi
CVE ID         : CVE-2016-7044 CVE-2016-7045

Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely
exploitable crash and heap corruption vulnerabilities in the format
parsing code in Irssi, a terminal based IRC client.

For the stable distribution (jessie), these problems have been fixed in
version 0.8.17-1+deb8u1.

We recommend that you upgrade your irssi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJX4uJ1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0AAoJEAVMuPMTQ89EioIP/RiBWnM6Wq0t3NzsXoX1Xcv9
dVkpJ6QAbGOsmZvXkJkB6qwVsb4C1SG3IoRx/DPrKAMPeg8b8YdU5j6HbatCvo9h
pq6R/PUsL2jhg9pm+PNCM88uADb7mUDs8aK3ShbFJx+/YKNbeDCI3ZMULXdiMAWG
zKH0EyFjJz4VPVDxkKhuhEA46KDhBPk3TIkwCv5PIhpBp973RD2x48nDX6laV7yF
7vUx3BFVpwkyVpqhoL0OZevyaNhP+Hw4J+DoQiyT8U0xHB3t4wT35lEBxqlVlR0d
03UPSCVA/k0vo5DqtL1ASmeZ3KmMKgUVPS0eeZ07embCdXH9xP6As9XPPxC1tyMB
hsOcF+5vEKcAJPIIqejkWYbIoleX92FeBPzwEnAQPTxT0+RDmc79yOJvRTcHZ84x
C3B5cclEkEfsperb0SRd4RPvN9FldUP9TEPXgSHTDya7VxNe7xpP+2mAI6JUHGyQ
hL5WNj6u1MnfiCp6ZdvZfqWVzsKrd3W9sCl1poWI28MTk9IOPN+E2xjlOLDlJ3gZ
uBxZv3DhaRQgYt3ECvykTyaAzl4kNP5OxkP5RDnJNQzorSgPm0xF+wO/ElnT0KhD
82e66OLby+5SW/mWNCsPjRvAs8/70iHvjErlZSqUSj8u0DRQGFljYmv7kQ5QRIoG
jUbrSQ8OKE8DFMeus3dQ
=Chg3
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV+M5kYx+lLeg9Ub1AQilZBAAmnxxnAjS7+3XPO2e5zZA1dYJw5JAodER
eWMGLqYuaTcI4G45uzjtoK1QCUmZiuGrUR17bO20sLRpRUwedJVBcq0G2d7bPHU2
Oi/4odP9z0f+ECGdGrMiKJLOEFXQFGM7NA9i3I3HEEYicAF1eOXM/b24+dd4ijbw
lmWXQSXUfuo7Nb4Um9M4fAKyZ3nI2XwiORMmCXI8h4+HDO6WgFjcYXEqZX/4mOsd
OiFG3n3WXxgx/qfO5uHMg/gHz7FBtSPes1NQRl8vubVQgSB1zhp2W7b2XGkevHvA
rcBVLNsyu1eKQvuUZSPEevHHFKs+jW+2GeMegvUh8Eh3un/OSs7Mlae6MoCoUBCZ
17Bthvc7tcEtOSdCn2RPbk4FB+7Y+IUVEEyivHz4thJQiWcQijfxNRI1/bE9LFeT
/Y23vL3EPRAJYhK6uz4dbh+/vO4l/ROjZXpl15eL5NAjPHJPKxYBYdQPJOiAWp30
BUjegC5CfmLjTb8YiwJE9wXnbuPev8/aw31q6ryEBE49lNhEou7Z8TcOT6h4QdKk
m9LsUqWjsEngRRj2lQ/n2ewC6lE79sGOGk7gbzF6FePNF1XZJc/T6pW9/zgpc6U4
kqdHz7+Nddh1FLwL3Q8TbVsJ7n1h6c55cv0l7W5F2KrD36fE9uFBEhApN/o/2/EI
/IeGRGNE9tQ=
=TRYN
-----END PGP SIGNATURE-----